<?
include_once("database.php");
include_once("../backend.php");
include_once("../login_management.php");
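# Start (or resume) the session before any markup is sent.
# NOTE(review): the PHP sections of this file are opened with the short open
# tag, so the page depends on short_open_tag being enabled. If it is off, the
# source below (SQL included) is delivered to the browser as plain text.
session_start();
# Session username, used further down for the administrator lookup. It stays
# an empty string for visitors without a session so that reading it raises no
# undefined-index notice and the lookup simply matches no row.
$ausername = isset($_SESSION['username']) ? $_SESSION['username'] : '';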
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/scoutingadmin.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>place | Team Spyder Scouting</title>
<!-- InstanceEndEditable -->

<link rel="stylesheet" type="text/css" href="../scouting.css"/>
<!-- InstanceBeginEditable name="head" -->
<!-- InstanceEndEditable -->
</head>

<body>
<div class="main">
<div class="top2"><l>
<a class="navigation" href="./index.php">Home</a> | 
<a class="navigation" href="./register.php">Register a user</a> | 
<a class="navigation" href="./activeevent.php">Set Active Event</a> | 
<a class="navigation" href="./edit.php">Manage Users</a> | 
<a class="navigation" href="./teams.php">Input Teams</a> | 
<a class="navigation" href="cleanup.php"> Clean up DB</a> | 
<a class="navigation" href="./eventsetup/index.php"> Event Setup </a> | 
<a class="navigation" href="../index.php"> Main </a> | 
<script type="text/javascript">
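/**
 * Requests login.php asynchronously and places the returned markup inside the
 * element whose id is "content".
 *
 * The response is assigned to innerHTML, so it is parsed as HTML in this
 * page's context. The request URL is a fixed relative path; login.php must
 * therefore never reflect unescaped user input in its output.
 *
 * NOTE(review): the static markup of this page uses class="content" rather
 * than an id, so the lookup can come back null unless another part of the
 * page emits such an element. The callback now returns quietly in that case
 * instead of throwing a TypeError.
 */
function LoadLogin()
{
var request;
if (window.XMLHttpRequest)
  {// IE7+, Firefox, Chrome, Opera, Safari
  request = new XMLHttpRequest();
  }
else
  {// IE6, IE5
  request = new ActiveXObject("Microsoft.XMLHTTP");
  }
request.onreadystatechange = function()
  {
  // Only a completed, successful response is rendered.
  if (request.readyState != 4 || request.status != 200)
    {
    return;
    }
  var target = document.getElementById("content");
  if (!target)
    {
    return;
    }
  target.innerHTML = request.responseText;
  };
request.open("GET","login.php",true);
request.send();
}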
</script>

<?
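# Navigation-bar greeting: a welcome line plus log-out link for a signed-in
# user, otherwise a link that loads the login form through LoadLogin().
# $logged_in is not set in this file; presumably one of the included scripts
# provides it.
if($logged_in)
{
	# The username is written into the page, so it is HTML-encoded first.
	# A stored name containing markup would otherwise run as script in the
	# administrator's browser.
	$navDisplayName = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
	echo "<l> Welcome,&nbsp;" . $navDisplayName . " </l>";
	echo "<a class=\"navigation\" href=\"./logout.php\">Log&nbsp;out</a>\n";
}
else
{
	echo "<l> You&nbsp;are&nbsp;not&nbsp;logged&nbsp;in. </l>";
	echo "<a class=\"navigation\" href=\"#\" onclick=\"LoadLogin()\">Log in</a>\n";
}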

?>
</l>
</div>
<div class="content"><!-- InstanceBeginEditable name="Content" -->
<?
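# Password-change handler for the administration area.
# Flow: require a logged-in session, confirm that the session user is flagged
# as administrator in scoutlogin, then process an optional password-change
# POST (username, oldpass, newpass1, newpass2). Anyone else gets the login form.
# NOTE(review): the form carries no anti-CSRF token that is visible here. The
# old-password requirement limits the impact, but confirm how the other admin
# pages protect their POSTs.
if($logged_in)
{

	# Check that we are an admin. The session username is escaped before it is
	# placed in the SQL string; it originated as user input at registration.
	# mysql_real_escape_string() depends on the connection character set, so
	# verify that database.php sets it (for example with mysql_set_charset()).
	$safeAdminName = mysql_real_escape_string($ausername, $conn);
	$aresult=mysql_query("select administrator from scoutlogin where username = '$safeAdminName'",$conn);
	# A failed query or an unknown user must count as "not an administrator".
	$adbarray = $aresult ? mysql_fetch_array($aresult) : false;
	$adminstat = $adbarray ? $adbarray['administrator'] : 0;
	if($adminstat==1)
	{
		# Put all content in here to prevent people from getting content if they aren't admin.
		# is_string() rejects array-valued parameters (e.g. newpass1[]=x), which
		# would otherwise reach md5() and the SQL strings as non-strings.
		if(isset($_POST["newpass1"], $_POST["newpass2"], $_POST["oldpass"], $_POST["username"])
			&& is_string($_POST["newpass1"]) && is_string($_POST["newpass2"])
			&& is_string($_POST["oldpass"]) && is_string($_POST["username"]))
		{
			$oldpass=$_POST["oldpass"];
			$newpass1=$_POST["newpass1"];
			$newpass2=$_POST["newpass2"];
			$username=$_POST["username"];
			# Two encodings of the same request value: one for SQL, one for HTML.
			$safeUsername = mysql_real_escape_string($username, $conn);
			echo "<h2>changing password for user  " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . "</h2><br>";
			# Strict comparison: with ==, numeric-looking strings such as "1e3"
			# and "1000" compare equal, so a mistyped confirmation could pass.
			if($newpass1===$newpass2)
			{
				if($newpass1===$oldpass)
				{
					echo "your new password is the same as your old password, not changing password.";
				}
				else
				{
					# NOTE(review): unsalted MD5 is not suitable for password storage.
					# It is left in place because the login check (not in this file)
					# has to compare the same format. Migrate both sides together to
					# password_hash()/password_verify().
					$newpass=md5($newpass1);
					$oldpass1=md5($oldpass);
					# md5() output is hex only, so the two hashes are safe to embed as-is.
					$result=mysql_query("SELECT * FROM scoutlogin WHERE username = '$safeUsername' AND password = '$oldpass1'",$conn);
					$numresults = $result ? mysql_num_rows($result) : 0;
					if($numresults==0)
					{
						echo "you have entererd an incorrect password, not changing password.";
					}
					else
					{
						# The WHERE clause repeats the old hash so the update only applies
						# while the stored password is still the one just verified.
						$result=mysql_query("UPDATE scoutlogin SET password = '$newpass' WHERE username = '$safeUsername' AND password = '$oldpass1'",$conn);
						if($result && mysql_affected_rows($conn) > 0)
						{
							echo "you have successfully changed your password.";
						}
						else
						{
							# Previously success was printed even when the UPDATE failed.
							echo "could not change password, please try again.";
						}
					}
				}
			}
			else
			{
				echo "passwords do not match, not changing password.";
			}
		}
		#echo "<p> Welcome to the Administration panel for the Team Spyder Scouting Server</p>";
	}
	else
	{
		displayLogin();
	}

}
else
{
displayLogin();	
}
mysql_close();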
?>
<!-- InstanceEndEditable -->
</div>
</div>

</body>
<!-- InstanceEnd --></html>
